GitHub's Fake Star Economy: 6M Stars, Fooled VCs, Real Money
New research reveals 6 million fake GitHub stars and a shadow economy gaming VC investment decisions. The manipulation is more organized than you think.
Written by AI. Zara Chen
Photo: Theo - t3․gg / YouTube
So here's a fun Tuesday: researchers just confirmed that roughly 6 million GitHub stars are fake, and there's an entire professionalized economy built around selling them to startups who then use those numbers to unlock millions in VC funding.
Let me be clear about what we're talking about here. This isn't some conspiracy theory from the depths of Hacker News. This is peer-reviewed research from Carnegie Mellon, North Carolina State, and Socket—organizations that actually know what they're doing. They analyzed 20 terabytes of GitHub data, spotted the manipulation, and then watched as GitHub itself deleted 90% of the flagged repos and 57% of the flagged accounts. The platform knew. They just... hadn't done much about it until someone published the receipts.
The Economics Are Disturbingly Simple
Here's the math that should make you uncomfortable: a GitHub star costs as little as 6 cents. A seed round unlocks $1-10 million. You can see why thousands of repos are exploiting this, right?
The pricing tiers are what really got me. Budget stars—the disposable kind that might not survive scrutiny—run 3-10 cents each. Mid-tier stars from accounts with some history cost 20-50 cents. Premium aged accounts with years of activity? Those stars cost 80-90 cents but they're delivered slowly to look organic. One vendor, Social Plug, claims to have delivered 3.1 million stars across 53,000 clients and offers a formal API for programmatic purchasing. An API.
There are WeChat groups with over a thousand members processing repos and generating $3.4-4.4 million annually just from this. Fiverr has 24 active gigs selling GitHub promotion. Pre-built GitHub profiles with 5-year commit histories sell for $5,000 on Telegram. This isn't some dark web operation—you can Google this stuff and find vendors immediately.
How VCs Got Played
The Awesome Agents investigation that surfaced all this ran their own analysis on 20 repos, and what they found was... look, it's bad. Union Labs—the number one project in Runa Capital's influential ROSS index for Q2 2025, a report VCs actually use to source investments—showed clear manipulation signals. Nearly half its stars appear to be fake.
"An influential investment sourcing report that VCs rely on was topped by a project where nearly half the stars are likely artificial," the researchers noted.
This matters because GitHub stars have become a proxy for traction when you're pitching investors who don't necessarily understand code. They're looking at growth curves, and a chart that goes vertical looks like product-market fit. Except when it's just... purchased.
The Fingerprints Are Obvious Once You Know What to Look For
Healthy repos like Flask have stargazers with median account ages around 4,800 days. Only about 1% are "ghost accounts"—zero repos, zero followers, no bio. The fork-to-star ratio sits around 23%.
Now look at the sketchy ones. Free Domain has 107,000 stars but only 168 watchers. That's a watcher-to-star ratio 26 times lower than Flask. When 0.1% of people who starred your repo also bothered to click "watch," that tells you something. The blockchain projects are even worse—some showing 81% of stargazers with zero followers, a third with zero repos, and fork-to-star ratios in the low single digits.
The AI space isn't immune. Open AFM showed 66% suspicious accounts with a median account age of just 116 days. Two-thirds of its stargazers are less than a year old with virtually no GitHub activity. Even projects that seem legitimate show warning signs—accounts that pass basic age filters but are completely empty shells, purchased or farmed specifically for star campaigns.
GitHub's Moderation Problem
What frustrates me about this—and I think the source video nails this—is that GitHub has never really figured out how to be a community platform. They built an incredible tool for hosting code, then added social features without developing the moderation infrastructure those features require.
Compare this to platforms that take community management seriously. Twitch, for all its issues, has granular controls: shield mode, follower-only chat, slow mode, configurable automod, custom message retention settings. GitHub has... none of this. You can't limit how many issues a user can open. You can't filter specific words from appearing in issues. The tools simply don't exist.
"If you want to limit how many issues a user can open, you're fucked," as the video creator put it. "GitHub doesn't know how to run a platform. They know how to run a place that holds your source code kind of."
This isn't just about stars. The same shadow economy sells fabricated contribution graphs, fake commit histories, and aged accounts with Arctic Code Vault badges. When your platform's community features can be gamed this comprehensively, and you don't have the moderation tools to fight back, the problem compounds.
What Actually Changes Now?
Here's what I keep thinking about: Goodhart's Law states that when a measure becomes a target, it ceases to be a good measure. We've watched this happen with every metric that matters—Twitter followers, YouTube views, Instagram likes. Stars were supposed to be different because they represented developer trust, technical judgment, actual usage.
But now GitHub is where normies land when they're looking for that "big red download button." The user base has expanded beyond people who understand what a fork is, which means the potential for manipulation has expanded too. A project can rack up 157,000 stars and nobody's actually using it because nobody's forking it.
The problem accelerated dramatically in 2024. By July, 16% of all repos with 50+ stars were involved in fake star campaigns, up from near zero before 2022. Seventy-eight manipulated repos made it onto GitHub Trending, which means the gaming isn't just fooling VCs—it's corrupting discovery for everyone.
And the thing is, I don't see GitHub solving this. They don't have the institutional knowledge or infrastructure for this kind of platform moderation. Which means the metric that's supposed to signal trust and adoption is increasingly just... noise. VCs will have to find other signals. Developers will have to look at different indicators. The star count that used to mean something now requires a forensic investigation to interpret.
We built a community around a number, and then we made the number worth money. The rest was inevitable.
—Zara Chen, Tech & Politics Correspondent
We Watch Tech YouTube So You Don't Have To
Get the week's best tech insights, summarized and delivered to your inbox. No fluff, no spam.
More Like This
Heroku Is Really Dead This Time, and Here's What Happened
Heroku has entered full maintenance mode after mass layoffs and leadership exodus. How did Salesforce let a developer platform die at the finish line?
AI Code Generation Hits Open Source Like a Sledgehammer
AI-generated code is overwhelming open source maintainers with low-quality contributions. GitHub now lets projects disable pull requests entirely.
AI Is Breaking Open Source, and GitHub Won't Save Us
AI-generated pull requests are flooding maintainers, degrading code quality, and making open source maintenance unsustainable. Here's what's actually happening.
Vite Plus Goes Open Source—With Sharp Edges Still Showing
Vite Plus launched as open source alpha, promising unified tooling. Early testing reveals impressive speed alongside design choices that may frustrate power users.
GitHub's New Fees: A Decline in Developer Trust?
GitHub's controversial new fees for avoiding its services spark frustration. Explore alternatives like Depot and Blacksmith for better solutions.
Anthropic's DMCA Mess: What Happens When 8,100 Repos Go Down
Developer Theo got DMCA'd by Anthropic for changing one word in a markdown file. The story reveals how DMCA enforcement can go catastrophically wrong.
Scientists Made a Virtual Fly Walk Using a Dead Fly's Brain
Eon Systems copied a fruit fly's brain into a computer and it just...walked. No training, no programming. What does this mean for AGI?
Why OpenAI Might Build Its Own GitHub Alternative
OpenAI is reportedly developing an internal alternative to GitHub. The move signals a larger shift in how version control works in an AI-driven world.
RAG·vector embedding
2026-04-26This article is indexed as a 1536-dimensional vector for semantic retrieval. Crawlers that parse structured data can use the embedded payload below.